SlideShare a Scribd company logo

ISSA NL event 2013 06 06 Limits, Not Rails

Jurgen van der Vlugt
Jurgen van der Vlugt

On the necessary re-design of security controls. To provide guiding rails to keep only those that sway too far out, instead of slamming everyone into compliance with too-tight rails.

Business
1 of 37
Limits Not rails About groups, rules and defectors Jurgen van der Vlugt Dialogues House Amsterdam, 6 June 2013
Introduction • Jurgen = Ir.drs. J. van der Vlugt RE CISA CRISC • Plus the usual disclaimer that this is Work In Progress • So, questions please
Agenda • Rails • Rubbish • Reactions • Radicals • Guiding rails • Risk ‘Management’
Rails
Rails People-less Process & Technology
Rubbish →
(FUD)
Reactions to rules
Response
Range
Reaction; ratio (!) and psycho
Radicals • Extremist-bureaucrats • Defectors • ALWAYS • They belong! • Keep it fresh! • So keep them close…?
Freedom through guiding rails De scheef is niet van caouchouc
Guiding rails
Societal pressures; effective design • Understand the societal dilemma • Consider all four societal pressures • Pay attention to scale • Foster empathy & community • Use security systems to scale • Harmonize institutional pressures • Ensure fin.penalties ~ detection likelihood • Choose general, reactive sec.systems • Reduce power concentrations • Require transparency
Clear requirements
Resilience
Pt > Dt + Rt (Pt > 0) E = Dt + Rt (Pt = 0) → Zero-day exploits, or any unknown vectors (Note: • Clusterfucks • FUQed Boy scout model! Guiding rails
Conclusion: Risk ‘Management’ • Biases (list) • Notice the weak signals • Be creative • Don’t be a dictator (guiding rails) • Clear requirements • Be Prepared!
Hope you enjoy(ed) the ride That was all. Thank you.
Dank u
Further Reading
• Jvdvlugt@maverisk.nl • LinkedIn http://nl.linkedin.com/in/jurgenvandervlugt/ • Twitter @jvdvlugt • (G+, Pinterest, Tumblr, etc.etc.) “I hate quotations” (Ralph Waldo Emerson 1849, quoted by Rem Koolhaas in S, M, L, XL, 1995) Contact details Dogma: The problem starts at the secondary level, not with the originator or the developer of the idea but with the people who are attracted by it, who cling to it until their last nail breaks, and who invariably lack the overview, flexibility, imagination, and, most importantly, sense of humor, to maintain it in the spirit in which it was hatched. Ideas are made by masters, dogma by disciples, and the Buddha is always killed on the road. (Tom Robbins, Still Life with Woodpecker, 1984)

Recommended

Film campaign cover work
Film campaign cover workFilm campaign cover work
Film campaign cover workdpagoffs
 
Wat ruist er door uw data-zee ISACA NL roundtable 2013 06 03
Wat ruist er door uw data-zee ISACA NL roundtable 2013 06 03Wat ruist er door uw data-zee ISACA NL roundtable 2013 06 03
Wat ruist er door uw data-zee ISACA NL roundtable 2013 06 03Jurgen van der Vlugt
 
NGI Regio Rdam / Afd IT-A: Stuxnet - Beveiliging en Audit van Proces IT
NGI Regio Rdam / Afd IT-A: Stuxnet - Beveiliging en Audit van Proces ITNGI Regio Rdam / Afd IT-A: Stuxnet - Beveiliging en Audit van Proces IT
NGI Regio Rdam / Afd IT-A: Stuxnet - Beveiliging en Audit van Proces ITJurgen van der Vlugt
 
Down the Blind Alley (PDF)
Down the Blind Alley (PDF)Down the Blind Alley (PDF)
Down the Blind Alley (PDF)Jurgen van der Vlugt
 
IDC Amsterdam 2013 09 12 Smart Security Solutions require Ditto Designs
IDC Amsterdam 2013 09 12 Smart Security Solutions require Ditto DesignsIDC Amsterdam 2013 09 12 Smart Security Solutions require Ditto Designs
IDC Amsterdam 2013 09 12 Smart Security Solutions require Ditto DesignsJurgen van der Vlugt
 
Permanent open depot rijks in kpmg gebouw v0.3
Permanent open depot rijks in kpmg gebouw v0.3Permanent open depot rijks in kpmg gebouw v0.3
Permanent open depot rijks in kpmg gebouw v0.3Jurgen van der Vlugt
 
ISSA ORM 2012 June 20 v0.3
ISSA ORM 2012 June 20 v0.3ISSA ORM 2012 June 20 v0.3
ISSA ORM 2012 June 20 v0.3Jurgen van der Vlugt
 
How to solve the crisis of mismanagement
How to solve the crisis of mismanagementHow to solve the crisis of mismanagement
How to solve the crisis of mismanagementSachidananda Benegal
 

Recommended

Film campaign cover work
Film campaign cover workFilm campaign cover work
Film campaign cover workdpagoffs
 
Wat ruist er door uw data-zee ISACA NL roundtable 2013 06 03
Wat ruist er door uw data-zee ISACA NL roundtable 2013 06 03Wat ruist er door uw data-zee ISACA NL roundtable 2013 06 03
Wat ruist er door uw data-zee ISACA NL roundtable 2013 06 03Jurgen van der Vlugt
 
NGI Regio Rdam / Afd IT-A: Stuxnet - Beveiliging en Audit van Proces IT
NGI Regio Rdam / Afd IT-A: Stuxnet - Beveiliging en Audit van Proces ITNGI Regio Rdam / Afd IT-A: Stuxnet - Beveiliging en Audit van Proces IT
NGI Regio Rdam / Afd IT-A: Stuxnet - Beveiliging en Audit van Proces ITJurgen van der Vlugt
 
Down the Blind Alley (PDF)
Down the Blind Alley (PDF)Down the Blind Alley (PDF)
Down the Blind Alley (PDF)Jurgen van der Vlugt
 
IDC Amsterdam 2013 09 12 Smart Security Solutions require Ditto Designs
IDC Amsterdam 2013 09 12 Smart Security Solutions require Ditto DesignsIDC Amsterdam 2013 09 12 Smart Security Solutions require Ditto Designs
IDC Amsterdam 2013 09 12 Smart Security Solutions require Ditto DesignsJurgen van der Vlugt
 
Permanent open depot rijks in kpmg gebouw v0.3
Permanent open depot rijks in kpmg gebouw v0.3Permanent open depot rijks in kpmg gebouw v0.3
Permanent open depot rijks in kpmg gebouw v0.3Jurgen van der Vlugt
 
ISSA ORM 2012 June 20 v0.3
ISSA ORM 2012 June 20 v0.3ISSA ORM 2012 June 20 v0.3
ISSA ORM 2012 June 20 v0.3Jurgen van der Vlugt
 
How to solve the crisis of mismanagement
How to solve the crisis of mismanagementHow to solve the crisis of mismanagement
How to solve the crisis of mismanagementSachidananda Benegal
 
Ks fs for webster graduate students
Ks fs for webster graduate studentsKs fs for webster graduate students
Ks fs for webster graduate studentsSteve Foster
 
An introduction to integrative thinking bit14 share
An introduction to integrative thinking bit14 shareAn introduction to integrative thinking bit14 share
An introduction to integrative thinking bit14 shareHeidi Siwak
 
Personalities - MBTI
Personalities - MBTIPersonalities - MBTI
Personalities - MBTIHany Magdy Mustafa
 
Gislen Cultural Challenges seminar
Gislen Cultural Challenges seminarGislen Cultural Challenges seminar
Gislen Cultural Challenges seminarMikael Gislén
 
Surrounded by idiots
Surrounded by idiotsSurrounded by idiots
Surrounded by idiotsManuel Torres
 
Disc or jedi mind tricks?
Disc or jedi mind tricks?Disc or jedi mind tricks?
Disc or jedi mind tricks?David Guest
 
Polarity Thinking_CoCreative Consulting_20 March 2014
Polarity Thinking_CoCreative Consulting_20 March 2014Polarity Thinking_CoCreative Consulting_20 March 2014
Polarity Thinking_CoCreative Consulting_20 March 2014United Nations Development Programme
 
Whole Brain Learning
Whole Brain LearningWhole Brain Learning
Whole Brain LearningCharles Audley
 
Creative thinking
Creative thinkingCreative thinking
Creative thinkingBedoha
 
Media Theory and Theorists for G325
Media Theory and Theorists for G325Media Theory and Theorists for G325
Media Theory and Theorists for G325Jack Suddaby
 
Leadership and librarians
Leadership and librariansLeadership and librarians
Leadership and librariansFEBAB
 
Brazil July 2013
Brazil July 2013Brazil July 2013
Brazil July 2013Stephen Abram
 
Sowing the Seeds of Diversity
Sowing the Seeds of DiversitySowing the Seeds of Diversity
Sowing the Seeds of Diversitydreamwidth
 
Thinking about "Thinking"
Thinking about "Thinking"Thinking about "Thinking"
Thinking about "Thinking"Edward B. Rockower
 
vBrownBag Presentation
vBrownBag PresentationvBrownBag Presentation
vBrownBag PresentationJon Hildebrand
 
It’s Complicated – Designing in The Age Of Emergence (by Christina Wodtke at ...
It’s Complicated – Designing in The Age Of Emergence (by Christina Wodtke at ...It’s Complicated – Designing in The Age Of Emergence (by Christina Wodtke at ...
It’s Complicated – Designing in The Age Of Emergence (by Christina Wodtke at ...Northern User Experience
 
It's complicated
It's complicatedIt's complicated
It's complicatedChristina Wodtke
 
How to mistrust a scientific paper
How to mistrust a scientific paperHow to mistrust a scientific paper
How to mistrust a scientific paperLeonid Schneider
 
Ambassador all day training 2
Ambassador all day training 2Ambassador all day training 2
Ambassador all day training 2Hannahmk12
 
Cargo Cult Agile training & coaching
Cargo Cult Agile training & coachingCargo Cult Agile training & coaching
Cargo Cult Agile training & coachingJose Luis Soria
 
Much Data 0.95
Much Data 0.95Much Data 0.95
Much Data 0.95Jurgen van der Vlugt
 
Risk Managers Of The Universe
Risk Managers Of The UniverseRisk Managers Of The Universe
Risk Managers Of The UniverseJurgen van der Vlugt
 

More Related Content

Similar to ISSA NL event 2013 06 06 Limits, Not Rails

Ks fs for webster graduate students
Ks fs for webster graduate studentsKs fs for webster graduate students
Ks fs for webster graduate studentsSteve Foster
 
An introduction to integrative thinking bit14 share
An introduction to integrative thinking bit14 shareAn introduction to integrative thinking bit14 share
An introduction to integrative thinking bit14 shareHeidi Siwak
 
Gislen Cultural Challenges seminar
Gislen Cultural Challenges seminarGislen Cultural Challenges seminar
Gislen Cultural Challenges seminarMikael Gislén
 
Surrounded by idiots
Surrounded by idiotsSurrounded by idiots
Surrounded by idiotsManuel Torres
 
Disc or jedi mind tricks?
Disc or jedi mind tricks?Disc or jedi mind tricks?
Disc or jedi mind tricks?David Guest
 
Creative thinking
Creative thinkingCreative thinking
Creative thinkingBedoha
 
Media Theory and Theorists for G325
Media Theory and Theorists for G325Media Theory and Theorists for G325
Media Theory and Theorists for G325Jack Suddaby
 
Leadership and librarians
Leadership and librariansLeadership and librarians
Leadership and librariansFEBAB
 
Sowing the Seeds of Diversity
Sowing the Seeds of DiversitySowing the Seeds of Diversity
Sowing the Seeds of Diversitydreamwidth
 
vBrownBag Presentation
vBrownBag PresentationvBrownBag Presentation
vBrownBag PresentationJon Hildebrand
 
It’s Complicated – Designing in The Age Of Emergence (by Christina Wodtke at ...
It’s Complicated – Designing in The Age Of Emergence (by Christina Wodtke at ...It’s Complicated – Designing in The Age Of Emergence (by Christina Wodtke at ...
It’s Complicated – Designing in The Age Of Emergence (by Christina Wodtke at ...Northern User Experience
 
How to mistrust a scientific paper
How to mistrust a scientific paperHow to mistrust a scientific paper
How to mistrust a scientific paperLeonid Schneider
 
Ambassador all day training 2
Ambassador all day training 2Ambassador all day training 2
Ambassador all day training 2Hannahmk12
 
Cargo Cult Agile training & coaching
Cargo Cult Agile training & coachingCargo Cult Agile training & coaching
Cargo Cult Agile training & coachingJose Luis Soria
 

Similar to ISSA NL event 2013 06 06 Limits, Not Rails (20)

Ks fs for webster graduate students
Ks fs for webster graduate studentsKs fs for webster graduate students
Ks fs for webster graduate students
 
An introduction to integrative thinking bit14 share
An introduction to integrative thinking bit14 shareAn introduction to integrative thinking bit14 share
An introduction to integrative thinking bit14 share
 
Personalities - MBTI
Personalities - MBTIPersonalities - MBTI
Personalities - MBTI
 
Gislen Cultural Challenges seminar
Gislen Cultural Challenges seminarGislen Cultural Challenges seminar
Gislen Cultural Challenges seminar
 
Surrounded by idiots
Surrounded by idiotsSurrounded by idiots
Surrounded by idiots
 
Disc or jedi mind tricks?
Disc or jedi mind tricks?Disc or jedi mind tricks?
Disc or jedi mind tricks?
 
Polarity Thinking_CoCreative Consulting_20 March 2014
Polarity Thinking_CoCreative Consulting_20 March 2014Polarity Thinking_CoCreative Consulting_20 March 2014
Polarity Thinking_CoCreative Consulting_20 March 2014
 
Whole Brain Learning
Whole Brain LearningWhole Brain Learning
Whole Brain Learning
 
Creative thinking
Creative thinkingCreative thinking
Creative thinking
 
Media Theory and Theorists for G325
Media Theory and Theorists for G325Media Theory and Theorists for G325
Media Theory and Theorists for G325
 
Leadership and librarians
Leadership and librariansLeadership and librarians
Leadership and librarians
 
Brazil July 2013
Brazil July 2013Brazil July 2013
Brazil July 2013
 
Sowing the Seeds of Diversity
Sowing the Seeds of DiversitySowing the Seeds of Diversity
Sowing the Seeds of Diversity
 
Thinking about "Thinking"
Thinking about "Thinking"Thinking about "Thinking"
Thinking about "Thinking"
 
vBrownBag Presentation
vBrownBag PresentationvBrownBag Presentation
vBrownBag Presentation
 
It’s Complicated – Designing in The Age Of Emergence (by Christina Wodtke at ...
It’s Complicated – Designing in The Age Of Emergence (by Christina Wodtke at ...It’s Complicated – Designing in The Age Of Emergence (by Christina Wodtke at ...
It’s Complicated – Designing in The Age Of Emergence (by Christina Wodtke at ...
 
It's complicated
It's complicatedIt's complicated
It's complicated
 
How to mistrust a scientific paper
How to mistrust a scientific paperHow to mistrust a scientific paper
How to mistrust a scientific paper
 
Ambassador all day training 2
Ambassador all day training 2Ambassador all day training 2
Ambassador all day training 2
 
Cargo Cult Agile training & coaching
Cargo Cult Agile training & coachingCargo Cult Agile training & coaching
Cargo Cult Agile training & coaching
 

More from Jurgen van der Vlugt

ACAM-VDA NOREA Adviesdiensten 21 juni 2012
ACAM-VDA NOREA Adviesdiensten 21 juni 2012ACAM-VDA NOREA Adviesdiensten 21 juni 2012
ACAM-VDA NOREA Adviesdiensten 21 juni 2012Jurgen van der Vlugt
 
Adviesdiensten Norea Regio Noord 2012 05 10
Adviesdiensten Norea Regio Noord 2012 05 10Adviesdiensten Norea Regio Noord 2012 05 10
Adviesdiensten Norea Regio Noord 2012 05 10Jurgen van der Vlugt
 
Van Plank Misslaan Naar Spijker Op De Kop V0.3
Van Plank Misslaan Naar Spijker Op De Kop V0.3Van Plank Misslaan Naar Spijker Op De Kop V0.3
Van Plank Misslaan Naar Spijker Op De Kop V0.3Jurgen van der Vlugt
 
Advies Assurance September 2011 V0.97
Advies Assurance September 2011 V0.97Advies Assurance September 2011 V0.97
Advies Assurance September 2011 V0.97Jurgen van der Vlugt
 
VU Information Risk Management Security Management 2010 JvdV
VU Information Risk Management Security Management 2010 JvdVVU Information Risk Management Security Management 2010 JvdV
VU Information Risk Management Security Management 2010 JvdVJurgen van der Vlugt
 
VU Organisatie van het beroep Reglementering Deel I 21 mei 2010
VU Organisatie van het beroep Reglementering Deel I 21 mei 2010VU Organisatie van het beroep Reglementering Deel I 21 mei 2010
VU Organisatie van het beroep Reglementering Deel I 21 mei 2010Jurgen van der Vlugt
 
VU Uitvoering van de audit 28 mei 2010
VU Uitvoering van de audit 28 mei 2010VU Uitvoering van de audit 28 mei 2010
VU Uitvoering van de audit 28 mei 2010Jurgen van der Vlugt
 
Saxion Enschedé College Security 2009
Saxion Enschedé College Security 2009Saxion Enschedé College Security 2009
Saxion Enschedé College Security 2009Jurgen van der Vlugt
 
NOREA Update congres 2007 incl notes
NOREA Update congres 2007 incl notesNOREA Update congres 2007 incl notes
NOREA Update congres 2007 incl notesJurgen van der Vlugt
 
NOREA Regiosessie Reglementen 2010
NOREA Regiosessie Reglementen 2010NOREA Regiosessie Reglementen 2010
NOREA Regiosessie Reglementen 2010Jurgen van der Vlugt
 
Saxion Enschedé College Security 2010
Saxion Enschedé College Security 2010Saxion Enschedé College Security 2010
Saxion Enschedé College Security 2010Jurgen van der Vlugt
 

More from Jurgen van der Vlugt (14)

Much Data 0.95
Much Data 0.95Much Data 0.95
Much Data 0.95
 
Risk Managers Of The Universe
Risk Managers Of The UniverseRisk Managers Of The Universe
Risk Managers Of The Universe
 
ACAM-VDA NOREA Adviesdiensten 21 juni 2012
ACAM-VDA NOREA Adviesdiensten 21 juni 2012ACAM-VDA NOREA Adviesdiensten 21 juni 2012
ACAM-VDA NOREA Adviesdiensten 21 juni 2012
 
Adviesdiensten Norea Regio Noord 2012 05 10
Adviesdiensten Norea Regio Noord 2012 05 10Adviesdiensten Norea Regio Noord 2012 05 10
Adviesdiensten Norea Regio Noord 2012 05 10
 
Van Plank Misslaan Naar Spijker Op De Kop V0.3
Van Plank Misslaan Naar Spijker Op De Kop V0.3Van Plank Misslaan Naar Spijker Op De Kop V0.3
Van Plank Misslaan Naar Spijker Op De Kop V0.3
 
Advies Assurance September 2011 V0.97
Advies Assurance September 2011 V0.97Advies Assurance September 2011 V0.97
Advies Assurance September 2011 V0.97
 
VU Information Risk Management Security Management 2010 JvdV
VU Information Risk Management Security Management 2010 JvdVVU Information Risk Management Security Management 2010 JvdV
VU Information Risk Management Security Management 2010 JvdV
 
VU Organisatie van het beroep Reglementering Deel I 21 mei 2010
VU Organisatie van het beroep Reglementering Deel I 21 mei 2010VU Organisatie van het beroep Reglementering Deel I 21 mei 2010
VU Organisatie van het beroep Reglementering Deel I 21 mei 2010
 
VU Uitvoering van de audit 28 mei 2010
VU Uitvoering van de audit 28 mei 2010VU Uitvoering van de audit 28 mei 2010
VU Uitvoering van de audit 28 mei 2010
 
Saxion Enschedé College Security 2009
Saxion Enschedé College Security 2009Saxion Enschedé College Security 2009
Saxion Enschedé College Security 2009
 
NOREA Update congres 2007 incl notes
NOREA Update congres 2007 incl notesNOREA Update congres 2007 incl notes
NOREA Update congres 2007 incl notes
 
NOREA ALV Symposium Advies 2010
NOREA ALV Symposium Advies 2010NOREA ALV Symposium Advies 2010
NOREA ALV Symposium Advies 2010
 
NOREA Regiosessie Reglementen 2010
NOREA Regiosessie Reglementen 2010NOREA Regiosessie Reglementen 2010
NOREA Regiosessie Reglementen 2010
 
Saxion Enschedé College Security 2010
Saxion Enschedé College Security 2010Saxion Enschedé College Security 2010
Saxion Enschedé College Security 2010
 

Recently uploaded

WSMM Media and Entertainment Feb_March_Final.pdf
WSMM Media and Entertainment Feb_March_Final.pdfWSMM Media and Entertainment Feb_March_Final.pdf
WSMM Media and Entertainment Feb_March_Final.pdfJamesConcepcion7
 
Excvation Safety for safety officers reference
Excvation Safety for safety officers referenceExcvation Safety for safety officers reference
Excvation Safety for safety officers referencessuser2c065e
 
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...Operational Excellence Consulting
 
PSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationPSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationAnamaria Contreras
 
BAILMENT & PLEDGE business law notes.pptx
BAILMENT & PLEDGE business law notes.pptxBAILMENT & PLEDGE business law notes.pptx
BAILMENT & PLEDGE business law notes.pptxran17april2001
 
Pitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deckPitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deckHajeJanKamps
 
Planetary and Vedic Yagyas Bring Positive Impacts in Life
Planetary and Vedic Yagyas Bring Positive Impacts in LifePlanetary and Vedic Yagyas Bring Positive Impacts in Life
Planetary and Vedic Yagyas Bring Positive Impacts in LifeBhavana Pujan Kendra
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfShashank Mehta
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Anamaria Contreras
 
1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdfShaun Heinrichs
 
How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...
How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...
How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...Hector Del Castillo, CPM, CPMM
 
Entrepreneurship lessons in Philippines
Entrepreneurship lessons in PhilippinesEntrepreneurship lessons in Philippines
Entrepreneurship lessons in PhilippinesDavidSamuel525586
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03DallasHaselhorst
 
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...SOFTTECHHUB
 
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdfChris Skinner
 
Send Files | Sendbig.comSend Files | Sendbig.com
Send Files | Sendbig.comSend Files | Sendbig.comSend Files | Sendbig.comSend Files | Sendbig.com
Send Files | Sendbig.comSend Files | Sendbig.comSendBig4
 
Appkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptxAppkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptxappkodes
 
EUDR Info Meeting Ethiopian coffee exporters
EUDR Info Meeting Ethiopian coffee exportersEUDR Info Meeting Ethiopian coffee exporters
EUDR Info Meeting Ethiopian coffee exportersPeter Horsten
 
Introducing the Analogic framework for business planning applications
Introducing the Analogic framework for business planning applicationsIntroducing the Analogic framework for business planning applications
Introducing the Analogic framework for business planning applicationsKnowledgeSeed
 
20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdf20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdfChris Skinner
 

Recently uploaded (20)

WSMM Media and Entertainment Feb_March_Final.pdf
WSMM Media and Entertainment Feb_March_Final.pdfWSMM Media and Entertainment Feb_March_Final.pdf
WSMM Media and Entertainment Feb_March_Final.pdf
 
Excvation Safety for safety officers reference
Excvation Safety for safety officers referenceExcvation Safety for safety officers reference
Excvation Safety for safety officers reference
 
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
 
PSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationPSCC - Capability Statement Presentation
PSCC - Capability Statement Presentation
 
BAILMENT & PLEDGE business law notes.pptx
BAILMENT & PLEDGE business law notes.pptxBAILMENT & PLEDGE business law notes.pptx
BAILMENT & PLEDGE business law notes.pptx
 
Pitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deckPitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deck
 
Planetary and Vedic Yagyas Bring Positive Impacts in Life
Planetary and Vedic Yagyas Bring Positive Impacts in LifePlanetary and Vedic Yagyas Bring Positive Impacts in Life
Planetary and Vedic Yagyas Bring Positive Impacts in Life
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdf
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.
 
1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf
 
How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...
How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...
How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...
 
Entrepreneurship lessons in Philippines
Entrepreneurship lessons in PhilippinesEntrepreneurship lessons in Philippines
Entrepreneurship lessons in Philippines
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03
 
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
 
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
 
Send Files | Sendbig.comSend Files | Sendbig.com
Send Files | Sendbig.comSend Files | Sendbig.comSend Files | Sendbig.comSend Files | Sendbig.com
Send Files | Sendbig.comSend Files | Sendbig.com
 
Appkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptxAppkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptx
 
EUDR Info Meeting Ethiopian coffee exporters
EUDR Info Meeting Ethiopian coffee exportersEUDR Info Meeting Ethiopian coffee exporters
EUDR Info Meeting Ethiopian coffee exporters
 
Introducing the Analogic framework for business planning applications
Introducing the Analogic framework for business planning applicationsIntroducing the Analogic framework for business planning applications
Introducing the Analogic framework for business planning applications
 
20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdf20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdf
 

ISSA NL event 2013 06 06 Limits, Not Rails

  • 1. Limits Not rails About groups, rules and defectors Jurgen van der Vlugt Dialogues House Amsterdam, 6 June 2013
  • 2. Introduction • Jurgen = Ir.drs. J. van der Vlugt RE CISA CRISC • Plus the usual disclaimer that this is Work In Progress • So, questions please
  • 3. Agenda • Rails • Rubbish • Reactions • Radicals • Guiding rails • Risk ‘Management’
  • 7.
  • 8.
  • 10.
  • 11.
  • 12.
  • 13.
  • 16. Range
  • 18.
  • 19. Radicals • Extremist-bureaucrats • Defectors • ALWAYS • They belong! • Keep it fresh! • So keep them close…?
  • 20. Freedom through guiding rails De scheef is niet van caouchouc
  • 22. Societal pressures; effective design • Understand the societal dilemma • Consider all four societal pressures • Pay attention to scale • Foster empathy & community • Use security systems to scale • Harmonize institutional pressures • Ensure fin.penalties ~ detection likelihood • Choose general, reactive sec.systems • Reduce power concentrations • Require transparency
  • 23.
  • 25.
  • 26.
  • 27.
  • 29. Pt > Dt + Rt (Pt > 0) E = Dt + Rt (Pt = 0) → Zero-day exploits, or any unknown vectors (Note: • Clusterfucks • FUQed Boy scout model! Guiding rails
  • 30.
  • 31.
  • 32. Conclusion: Risk ‘Management’ • Biases (list) • Notice the weak signals • Be creative • Don’t be a dictator (guiding rails) • Clear requirements • Be Prepared!
  • 33. Hope you enjoy(ed) the ride That was all. Thank you.
  • 34.
  • 37. • Jvdvlugt@maverisk.nl • LinkedIn http://nl.linkedin.com/in/jurgenvandervlugt/ • Twitter @jvdvlugt • (G+, Pinterest, Tumblr, etc.etc.) “I hate quotations” (Ralph Waldo Emerson 1849, quoted by Rem Koolhaas in S, M, L, XL, 1995) Contact details Dogma: The problem starts at the secondary level, not with the originator or the developer of the idea but with the people who are attracted by it, who cling to it until their last nail breaks, and who invariably lack the overview, flexibility, imagination, and, most importantly, sense of humor, to maintain it in the spirit in which it was hatched. Ideas are made by masters, dogma by disciples, and the Buddha is always killed on the road. (Tom Robbins, Still Life with Woodpecker, 1984)